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EXAMINER'S ANSWER 



This is in response to the appeal brief filed January 10, 2010 appealing from the Office 
action mailed May 22, 2009. 



Application/Control Number: 10/596,774 



Art Unit: 2431 



Page 2 



(1) Real Party in Interest 

A statement identifying by name the real party in interest is contained in the brief. 

(2) Related Appeals and Interferences 

The examiner is not aware of any related appeals, interferences, or judicial 
proceedings which will directly affect or be directly affected by or have a bearing on the 
Board's decision in the pending appeal. 

(3) Status of Claims 

The statement of the status of claims contained in the brief is correct. 

(4) Status of Amendments After Final 

The appellant's statement of the status of amendments after final rejection 
contained in the brief is correct. 

(5) Summary of Claimed Subject Matter 

The summary of claimed subject matter contained in the brief is correct. 

(6) Grounds of Rejection to be Reviewed on Appeal 

The appellant's statement of the grounds of rejection to be reviewed on appeal is 
correct. 

(7) Claims Appendix 

The copy of the appealed claims contained in the Appendix to the brief is correct. 

(8) Evidence Relied Upon 

2004/0205176 TING 10-2004 

20030074552 OLKIN 4-2003 

(9) Grounds of Rejection 
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The following ground(s) of rejection are applicable to the appealed claims: 
Claims 1-4 and 8-11 are rejected under 35 U.S.C. 102(e) as being anticipated by 
Ting et al. (US 2004/0205176). 
Regarding Claims 1 and 4: 

Ting discloses a method of operating a computing device ("Client" See fig. 1 ref. 
no. 104 and paragraph 23) that in response to a request from a user to carry out an 
operation using the device and for which the identity of the user is required to be 
authenticated ("In response to a user's selection of an application and consequent 
receipt of a login or other form-based screen, the invention fills in the information called 
for by the screen and causes its transmission back to the server." See paragraph 6), 
determining the time period since the identity of the user was last authenticated ("The 
revocation or reauthentication can, for example, be initiated by one or more trigger 
events. The trigger events can be stored in the user profile and can include broken 
communications connection, expiration of a password, a changed password, the 
passage of time , or a sequence of events at the client or in the application or both." See 
paragraph 9), and enabling the requested operation by determining the type of 
operation being requested by the user and enabling the operation only if the determined 
time period is valid for the type of operation requested by the user ("Moreover, the 
invention can facilitate the revocation of a user's access to one or more applications, or 
require a user to reauthenticate their identity. The revocation or reauthentication can, 
for example, be initiated by one or more trigger events." See paragraph 9). 
Regarding Claims 2-3: 
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Ting discloses each application often requires a separate login procedure, 
including some form of personal identification such as a user ID, a password, a key 
sequence, or biometric authentication (See paragraph 2). 
Regarding Claim 8: 

Ting discloses companies may employ separate application for electronic mail, 
document control, financial applications, inventory management, manufacturing control, 
and engineering functions, in addition to overall network access (See paragraph 2). 
Regarding Claims 9-1 1 : 

Ting discloses the client can be any computing device, for example, a personal 
computer, set top box, wireless mobile phone, handheld device, personal digital 
assistant, and kiosk (See paragraph 23). 

Claims 5-7 are rejected under 35 U.S.C. 103(a) as being obvious over Ting et al. 
(US 2004/0205176) in view of Olkin et al. (US 2003/0074552). 

Ting discloses the above stated method of operating a computing device that 
revokes a user's access to one or more application of a period of time after the user has 
authenticated himself (See paragraphs 6-9). 

Ting does not disclose the period of time is set by the user. 

Olkin discloses a method permitting participants acting as the source or 
destinations for a message to securely communicate the message where suitable 
defaults can be provided for an encrypts subject setting, a cache password setting, a 
cache time setting, an expiration setting, and a maximum reads setting, but 
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sophisticated user or particular situation may merit changing these settings (See 
paragraphs 64-65). 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to modify the method for operating a computing device discloses by Ting to 
include allowing sophisticated uses to change the period of time for access revocation 
such as that taught by Olkin in order to allow personalization of the method. 
Regarding Claim 7: 

The above stated combination of Ting and Olkin discloses the user profile can 
remain of the client machine after termination of a user session, or alternatively, can be 
erased upon termination of a user session (See Ting paragraph 9). 

(10) Response to Argument 

The Appellant argues: 

That Ting does not teach "enabling the requested operation by determining the 
type of operation being requested by the user and enabling the operation only if the 
determined time period is valid for the type of operation being requested by the user." 

The Examiner contends that Ting does teach enabling the requested operation 
by determining the type of operation being requested by the user and enabling the 
operation only if the determined time period is valid for the type of operation being 
requested by the user. The Appellant split the limitation into two separate arguments 
which the Examiner will consider in turn. 
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First, the Appellant argues that Ting does not teach determining the type of 
operation being requested by the user. The Examiner contends that Ting does teach 
determining the type of operation being requested by the user. Ting discloses a system 
of controlling user access to computer applications (Ting: paragraph 0007). It 
accomplishes this by storing a user profile on a server and this user profile information 
is sent from the server to a client to grant access to one or more applications (Ting: 
paragraph 0007). The user profile contains a set of user privileges and functionality 
rights within one or more applications (Ting: paragraph 001 1 ). Since this set of user 
privileges and functionality are associated with an application, the user profile 
determines an operation being requested by the user, whether it be merely accessing 
an application, or accessing an application for a period of time (Ting: paragraph 0043). 
The Examiner contends that in order for a trigger event, such as elapsed time within an 
application, to require re-authentication, the operation (accessing an application) must 
be determined (Ting: paragraph 0043), otherwise the trigger event would not be 
effective in requiring the user to re-authenticate to gain access to that particular 
application. Therefore, the Examiner contends that Ting does disclose determining the 
type of operation being requested by the user. 

Second, the Appellant argues that Ting does not teach enabling the operation 
only if the determined time period is valid for the type of operation requested by the 
user. The Examiner contends that Ting does teach enabling the operation only if the 
determined time period is valid for the type of operation requested by the user. Ting 
discloses that trigger events, such as the passage of time, can be stored in the user 
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profile (Ting: paragraph 0009) which contains a set of user privileges and functionality 
rights within one or more applications (Ting: paragraph 001 1 ). This passage of time 
can be associated directly with the application by containing a trigger even which 
depends on the passage of time within a particular application (Ting: paragraph 0043). 
In order for the system to determine the passage of time within the particular 
application, a particular operation (access to an application) must be determined. 
Furthermore, the time period for access to that application must not have elapsed (time 
period has to be valid) for access to be granted to that application (enabling the 
operation) (Ting: paragraph 0043). Therefore, the Examiner contends that Ting does 
disclose enabling the operation only if the determined time period is valid for the type of 
operation requested by the user. 

Finally, the Appellant argues that a Prima Facie case of obviousness has not 
been established. 

The Examiner contends that a prima facie case of obviousness does exist to 
combine Ting with Olkin. Ting discloses a method to provide users access to 
applications by providing a user profile (see Ting: Abstract). Ting provides that a time 
period can be tracked for a user within an application, and that the user can be forced to 
re-authenticate when the time expires (Ting: paragraph 0043). Olkin discloses a 
system permitting users to set the time of expiration of a password, or a cache time 
setting (Olkin: paragraph 0065, 0068). Olkin states that cache time setting works with 
the cache password setting to control a maximum time that a password can be cached, 
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and therefore, adjust the security settings of the system (Olkin: paragraphs 0068-0069). 
Therefore, the system of Ting could be adjusted to allow a user or administrator to set 
the expiration time of the password or key to allow or disallow access to applications or 
to force the user to re-authenticate to the system. Therefore, it would have been 
obvious to one of ordinary skill in the art to combine Ting with Olkin to allow the security 
of the system to be adjusted by controlling the maximum time which a password can be 
cached (Olkin: paragraph 0068). 

(11) Related Proceeding(s) Appendix 

No decision rendered by a court or the Board is identified by the examiner in the 
Related Appeals and Interferences section of this examiner's answer. 
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(12) Conclusion 

For the above reasons, it is believed that the rejections should be sustained. 

Respectfully submitted, 
Kaveh Abrishamkar 
Primary Examiner, AU 2431 
/Kaveh Abrishamkar/ 

Conferees: 
William Korzuch 
/William R. Korzuch/ 

Supervisory Patent Examiner, Art Unit 2431 

Christopher Revak 
/Christopher A. Revak/ 
Primary Examiner, Art Unit 2431 



